Buck Woody : Security, SQL Azurehttp://sqlblog.com/blogs/buck_woody/archive/tags/Security/SQL+Azure/default.aspxTags: Security, SQL AzureenCommunityServer 2.1 SP2 (Build: 61129.1)SQL Azure and Trust Serviceshttp://sqlblog.com/blogs/buck_woody/archive/2012/03/27/sql-azure-and-trust-services.aspxTue, 27 Mar 2012 12:32:17 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:42507BuckWoody0http://sqlblog.com/blogs/buck_woody/comments/42507.aspxhttp://sqlblog.com/blogs/buck_woody/commentrss.aspx?PostID=42507<p>Microsoft is working on a new Windows Azure service called &ldquo;Trust Services&rdquo;. Trust Services takes a certificate you upload and uses it to encrypt and decrypt sensitive data in the cloud. Of course, like any security service, there&rsquo;s a bit more to it than that. I&rsquo;ll give you a quick overview of how you can use this product to protect data you send to SQL Azure.</p>
<p>The primary issue with storing data in the cloud is that you are in an environment that isn&rsquo;t under your control &ndash; in fact, that&rsquo;s the benefit of being in a distributed computing environment in the first place. On premises you&rsquo;re able to encrypt data you don&rsquo;t want anyone else to see, using various methods such as passwords (not very strong) or certificates (stronger). When you use a certificate, it&rsquo;s vital that you create (or procure) and protect it yourself.</p>
<p>When you store data remotely, regardless of IaaS, PaaS or SaaS, you don&rsquo;t own the machines where the data lives. That means if you use a certificate from the cloud vendor to encrypt the data, you have to trust that the data won&rsquo;t be accessed by the vendor. In some cases having a signed agreement with the vendor that they won&rsquo;t access your data is sufficient, in other cases that doesn&rsquo;t meet the requirements your system has for security.</p>
<p>With the new Trust Services service, the basic process is that you use a Portal to create a Trust Server using&nbsp;policies and other controls. You place a X.509 Certificate you create or procure in that server. Using the Software&nbsp;development Kit (SDK), the developer has access to an Application Layer Encryption Framework to set fields of data they want to encrypt. From there, the data can be stored in SQL Azure as a standard field &ndash; only it is encrypted before it ever arrives. The portion of the client software that decrypts the data uses the same service, so the authenticated user sees the data if they are allowed to do so. The data remains encrypted &ldquo;at rest&rdquo;.&nbsp;</p>
<p><a href="http://sqlblog.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79/2625.TrustServices1.png"><img alt="" src="http://sqlblog.com/resized-image.ashx/__size/550x0/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79/2625.TrustServices1.png" border="0" /></a></p>
<p>You can learn more about this product and check it out in the SQL Azure labs at <a href="http://www.microsoft.com/en-us/sqlazurelabs/labs/trust-services.aspx">Microsoft Codename "Trust Services"</a></p><img src="http://sqlblog.com/aggbug.aspx?PostID=42507" width="1" height="1">SecuritySQL AzureSQL Azure - Requiring Encrypt=Truehttp://sqlblog.com/blogs/buck_woody/archive/2012/03/06/sql-azure-requiring-encrypt-true.aspxTue, 06 Mar 2012 13:43:11 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:42122BuckWoody0http://sqlblog.com/blogs/buck_woody/comments/42122.aspxhttp://sqlblog.com/blogs/buck_woody/commentrss.aspx?PostID=42122<p><em><font color="#c0504d">(Many thanks to Peter Gvozdjak and Dan Benediktson here at Microsoft who worked with me on this issue and provided the bulk of information for this post)</font></em></p> <p>Recently I had a customer inquire about some performance tuning he wanted to do for SQL Azure, and as part of that he found that it was possible to remove the “<strong>Encrypt=True</strong>” setting on <a href="http://msdn.microsoft.com/en-us/library/ee336243.aspx" target="_blank">the ADO.NET connection to SQL Azure</a>. We have always stated that the connections to SQL Azure are encrypted, so being able to remove this string surprised him. (More on that reference here: <a href="http://msdn.microsoft.com/en-us/library/windowsazure/ff394108.aspx">http://msdn.microsoft.com/en-us/library/windowsazure/ff394108.aspx</a>) </p> <p>It is true that all connections to SQL Azure are encrypted - whether you use the <strong>Encrypt=True </strong>string or not. We’ll force the connection to encrypt even if you don’t, or we won’t route it. However, you do want to use that string, for a couple of reasons. </p> <p>Whenever you include the <strong>Encrypt=True </strong>string, the connection will require that your client validate the Certificate that SQL Azure presents, to ensure that key is the one used by Microsoft. If you don’t include that string, it’s possible - not probable, but possible - that someone could set up a false DNS to cause your certificate to be validated elsewhere. </p> <p>So don’t give the bad guys a way in - there is no performance gain (other than perhaps if the bad DNS is in your own building!) by leaving it off. Follow the best practice of using <strong>Encrypt=True</strong>.</p> <p>There’s more on connection management for things like retries and so on here: <a href="http://social.technet.microsoft.com/wiki/contents/articles/sql-azure-connection-management.aspx">http://social.technet.microsoft.com/wiki/contents/articles/sql-azure-connection-management.aspx</a></p><img src="http://sqlblog.com/aggbug.aspx?PostID=42122" width="1" height="1">AzureSecuritySQL AzureShould All Data Be Encrypted By Default?http://sqlblog.com/blogs/buck_woody/archive/2011/08/09/should-all-data-be-encrypted-by-default.aspxTue, 09 Aug 2011 13:45:04 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:37638BuckWoody0http://sqlblog.com/blogs/buck_woody/comments/37638.aspxhttp://sqlblog.com/blogs/buck_woody/commentrss.aspx?PostID=37638<p>Recently several IT industry information outlets have reported that there has been a 10-year concentrated, organized effort on breaking through computer security at some of the largest companies in the world. Government sites have also been attacked in multiple countries. Add to this the regular loss of data by banking and other industries, and the fear of “the cloud” as a storage location, and it seems to beg the question asked in the title in this post: “should all data, everywhere, be encrypted by default?” </p> <p>If you’re new to encryption, there’s an excellent video and overview here: <a href="http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx">http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx</a>&#160;</p> <p>If all data were encrypted, the break-in to websites would still continue, but the value would be lessened for some types of “orthogonal” attacks that only seek the pure stream of data. </p> <p><strong>Data States</strong></p> <p>Computing has two major components - static program elements and data. The program doesn’t change (until it is updated, of course) over the course of a transaction between a user and the ultimate data store. Data is classified as anything that is manipulated by the program. That implies three states of the data interchange: Creation, Transmission, and Storage. In on-premise systems, many times none of these states are encrypted. The entire system from user to data store is viewed as “secure”, which of course evidence has proved it is not. In some cases, even laptops are viewed as part of an on-premise system, and so is left unprotected. If all data were treated as “publicly viewable”, that mindset would lead to encrypting the data at all states, even for on-premise systems.</p> <p><em>Creation</em></p> <p>In this phase, a user, device or other input program creates data to send to the program. This can be entries on a web form, input from a weather sensor, or one service (program) sending information to another service. There are multiple ways to encrypt data at this state, most notably using client-side libraries such as the Windows Crypto API, hardware encryption and others. The reference for the Crypto API is here: <a href="http://msdn.microsoft.com/en-us/library/ms867086.aspx">http://msdn.microsoft.com/en-us/library/ms867086.aspx</a></p> <p><em>Transmission</em></p> <p>After the data is created, it needs to be transmitted to the processing and storage system. the references above explain how to secure the communications channel between the client systems and the various components used within the system. In the case of Windows Azure, the session can be protected with a secure session, and all communications within the Azure datacenters are encrypted. The key is that the transmission of data, regardless of method, should be considered to be “in the clear”, and treated as such. Without the decryption algorithm, it’s much harder to get to the ultimate goal. </p> <p><em>Storage (data at rest) </em></p> <p>It follows that f the data is encrypted at the source, and the decryption method is retained only with the code that processes the data, then the data “at rest” if obtained is less accessible. If the data is not encrypted at the source, then this step should be put into place at a minimum. In many cloud systems, including Windows and SQL Azure, the data is not encrypted at rest. There are various reasons for this, including performance, physical and logical security already in place, and the fact that the encryption process would expose customer data to the provider while it is being encrypted. In this case, the key is to encrypt the data before it is transmitted and stored, so that it is encrypted ahead of time. </p> <p><strong>Considerations</strong></p> <p>Encrypting data is a separate process, and must be factored into the original codebase. This means additional effort, and more CPU power for the encryption process (although many systems have security hardware included which help with this) and of course protecting the keys. If the keys are accessed, the data is considered unencrypted from then on, and all previous encryption with that particular key is now vulnerable. Key rotation and protection is essential. Even so, the benefits of treating all data as being at risk outweighs the efforts.</p> <p>You can learn more about general encryption here: <a href="http://msdn.microsoft.com/en-us/library/aa380255(VS.85).aspx">http://msdn.microsoft.com/en-us/library/aa380255(VS.85).aspx</a></p><img src="http://sqlblog.com/aggbug.aspx?PostID=37638" width="1" height="1">AzureBest PracticesCloudCloud ComputingDataEncryptionSecuritySQL AzureWindows AzureWindows Azure Security Linkshttp://sqlblog.com/blogs/buck_woody/archive/2010/11/01/windows-azure-security-links.aspxMon, 01 Nov 2010 15:59:48 GMT21093a07-8b3d-42db-8cbf-3350fcbf5496:30057BuckWoody0http://sqlblog.com/blogs/buck_woody/comments/30057.aspxhttp://sqlblog.com/blogs/buck_woody/commentrss.aspx?PostID=30057<p class="MsoNormal" style="margin:0in 0in 0pt;"><span style="font-family:Calibri;"><span style="font-size:small;">Research shows that companies that are considering a &ldquo;cloud&rdquo; platform have various concerns, and that security is at the top of that list. I&rsquo;ve put together a list of the resources I use for explaining our security posture, and the steps that you need to take to be secure in Windows and SQL Azure. I&rsquo;ll try and keep this list current &ndash; if you don&rsquo;t see something that you need, leave me a comment below and I&rsquo;ll research that for you.<o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><o:p><span style="font-family:Calibri;font-size:small;">&nbsp;</span></o:p></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><span style="font-family:Calibri;"><span style="font-size:small;">Security in any technology should use a multi-layered approach, and that holds true for cloud computing as well. There are things that Microsoft does for security, and things that you need to do to secure your own code and environment. As always, it&rsquo;s best to discuss these items with a technical professional, but these links should provide you some good background to have those discussions. </span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><span style="font-family:Calibri;"><span style="font-size:small;"></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><span style="font-family:Calibri;"><span style="font-size:small;">This isn&rsquo;t an exhaustive list; there will be other sources you can use for that, but I have it in a format that I think is easy to follow. Most of the links I show here have references to yet other sources as you need them.<o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><o:p><span style="font-family:Calibri;font-size:small;">&nbsp;</span></o:p></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><b style="mso-bidi-font-weight:normal;"><span style="font-family:Calibri;"><span style="font-size:small;">General Information on Cloud Computing Security:<o:p></o:p></span></span></b></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">General Security Whitepaper &ndash; answers most questions: </span><a href="http://blogs.msdn.com/b/usisvde/archive/2010/08/10/security-white-paper-on-windows-azure-answers-many-faq.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/usisvde/archive/2010/08/10/security-white-paper-on-windows-azure-answers-many-faq.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Windows Azure Security Notes from the Patterns and Practices site: </span><a href="http://blogs.msdn.com/b/jmeier/archive/2010/08/03/now-available-azure-security-notes-pdf.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/jmeier/archive/2010/08/03/now-available-azure-security-notes-pdf.aspx</span></a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Great Overview of Azure Security: </span><a href="http://www.windowsecurity.com/articles/Microsoft-Azure-Security-Cloud.html"><span style="font-family:Calibri;font-size:small;">http://www.windowsecurity.com/articles/Microsoft-Azure-Security-Cloud.html</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Azure Security Resources: </span><a href="http://reddevnews.com/articles/2010/08/19/microsoft-releases-windows-azure-security-resources.aspx"><span style="font-family:Calibri;font-size:small;">http://reddevnews.com/articles/2010/08/19/microsoft-releases-windows-azure-security-resources.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Cloud Computing Security Considerations: </span><a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68fedf9c-1c27-4642-aa5b-0a34472303ea&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center"><span style="font-family:arial,helvetica,sans-serif;"><span style="font-size:x-small;">http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68fedf9c-1c27-4642-aa5b-0a34472303ea&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center</span></span></a><span style="font-size:small;"><span style="font-family:arial,helvetica,sans-serif;"><span style="font-size:x-small;"> <o:p></o:p></span></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Security in Cloud Computing &ndash; a Microsoft Perspective: </span><a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c8507e8-50ca-4693-aa5a-34b7c24f4579&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center"><span style="font-family:arial,helvetica,sans-serif;"><span style="font-size:x-small;">http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c8507e8-50ca-4693-aa5a-34b7c24f4579&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center</span></span></a><span style="font-size:small;"><span style="font-family:arial,helvetica,sans-serif;"><span style="font-size:x-small;"> <o:p></o:p></span></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><o:p><span style="font-family:Calibri;font-size:small;">&nbsp;</span></o:p></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><b style="mso-bidi-font-weight:normal;"><span style="font-family:Calibri;"><span style="font-size:small;">Physical Security for Microsoft&rsquo;s Online Computing:<o:p></o:p></span></span></b></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l2 level1 lfo3;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">The Global Foundation Services group at Microsoft handles our physical security. It&rsquo;s quite robust, and meets </span><a href="http://www.27000.org/iso-27001.htm"><span style="font-family:Calibri;font-size:small;">ISO 27001</span></a><span style="font-family:Calibri;font-size:small;"> and </span><a href="http://sas70.com/sas70_overview.html"><span style="font-family:Calibri;font-size:small;">SAS-70</span></a><span style="font-family:Calibri;font-size:small;"> requirements. More here: </span><a href="http://www.globalfoundationservices.com/security/index.html"><span style="font-family:Calibri;font-size:small;">http://www.globalfoundationservices.com/security/index.html</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l2 level1 lfo3;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Microsoft&rsquo;s Security Response Center: </span><a href="http://www.microsoft.com/security/msrc/"><span style="font-family:Calibri;font-size:small;">http://www.microsoft.com/security/msrc/</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><o:p><span style="font-family:Calibri;font-size:small;">&nbsp;</span></o:p></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><b style="mso-bidi-font-weight:normal;"><span style="font-family:Calibri;"><span style="font-size:small;">Software Security for Microsoft&rsquo;s Online Computing:<o:p></o:p></span></span></b></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l0 level1 lfo2;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Windows Azure is developed using the Trustworthy Computing Initiative - you should follow this as well: </span><a href="http://www.microsoft.com/about/twc/en/us/default.aspx"><span style="font-family:Calibri;font-size:small;">http://www.microsoft.com/about/twc/en/us/default.aspx</span></a><span style="font-family:Calibri;font-size:small;"> and </span><a href="http://msdn.microsoft.com/en-us/library/ms995349.aspx"><span style="font-family:Calibri;font-size:small;">http://msdn.microsoft.com/en-us/library/ms995349.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l0 level1 lfo2;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Identity and Access in the Cloud: </span><a href="http://blogs.msdn.com/b/technology_titbits_by_rajesh_makhija/archive/2010/10/29/identity-and-access-in-the-cloud.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/technology_titbits_by_rajesh_makhija/archive/2010/10/29/identity-and-access-in-the-cloud.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><o:p><span style="font-family:Calibri;font-size:small;">&nbsp;</span></o:p></p>
<p class="MsoNormal" style="margin:0in 0in 0pt;"><b style="mso-bidi-font-weight:normal;"><span style="font-family:Calibri;"><span style="font-size:small;">Security Steps you should take:<o:p></o:p></span></span></b></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Securing your cloud architecture, step-by-step: </span><a href="http://technet.microsoft.com/en-us/magazine/gg296364.aspx"><span style="font-family:Calibri;font-size:small;">http://technet.microsoft.com/en-us/magazine/gg296364.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Security Guidelines for Windows Azure: </span><a href="http://redmondmag.com/articles/2010/06/15/microsoft-issues-security-guidelines-for-windows-azure.aspx"><span style="font-family:Calibri;font-size:small;">http://redmondmag.com/articles/2010/06/15/microsoft-issues-security-guidelines-for-windows-azure.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Best Practices for Windows Azure Security: </span><a href="http://blogs.msdn.com/b/vbertocci/archive/2010/06/14/security-best-practices-for-developing-windows-azure-applications.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/vbertocci/archive/2010/06/14/security-best-practices-for-developing-windows-azure-applications.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Active Directory and Windows Azure: </span><a href="http://blogs.msdn.com/b/plankytronixx/archive/2010/10/22/projecting-your-active-directory-identity-to-the-azure-cloud.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/plankytronixx/archive/2010/10/22/projecting-your-active-directory-identity-to-the-azure-cloud.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Understanding Encryption (great overview and tutorial): </span><a href="http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx</span></a><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Securing your Connection Strings: </span><a href="http://blogs.msdn.com/b/sqlazure/archive/2010/09/07/10058942.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/sqlazure/archive/2010/09/07/10058942.aspx</span></a><span style="font-family:Calibri;"><span style="font-size:small;"> <o:p></o:p></span></span></p>
<p class="MsoListParagraph" style="text-indent:-0.25in;margin:0in 0in 0pt 0.5in;mso-list:l1 level1 lfo1;"><span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:Symbol;"><span style="mso-list:Ignore;"><span style="font-size:small;">&middot;</span><span style="font:7pt 'Times New Roman';">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><span style="font-family:Calibri;font-size:small;">Getting started with Windows Identity Foundation (WIF) quickly: </span><a href="http://blogs.msdn.com/b/alikl/archive/2010/10/26/windows-identity-foundation-wif-fast-track.aspx"><span style="font-family:Calibri;font-size:small;">http://blogs.msdn.com/b/alikl/archive/2010/10/26/windows-identity-foundation-wif-fast-track.aspx</span></a><span style="font-size:small;"><span style="font-family:Calibri;"> <o:p></o:p></span></span></p><img src="http://sqlblog.com/aggbug.aspx?PostID=30057" width="1" height="1">AzureCloudSecuritySQL Azure